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DESCRIPTION 



METBO© AN© APPARATUS FOR USEE. AUTHENTICATION USING 
INFRARED COMMUNICATION OF A MOBILE TERMINAL 

1. TECHNICAL FIELD 

5 The present invention relates to a method and apparatus 

for user authentication using infrared communication of a 
mobile terminal, and more specifically, but not by way of 
limitation, to a method and apparatus for wireless user 
authentication using infrared communication of a mobile 
10 terminal 

2. BACKGROUND ART 

Automated transaction systems such as automatic banking 
machines or automated civil affair document issuing machines 
require user authentication so that only authorized users may 
15 access the systems. Every requested service such as 

deposit/withdrawal of cash or issuance of documents can be 
securely processed only after the authentication is done. 

The user authentication may be performed in various 
manners. One of the most popular methods is that a user who 
20 requests service from an automated transaction system 

registers his/her own password at an institution to which the 
automated transaction system belongs and accesses the 
automated transaction system with the registered password. 

Instead of the password, the fingerprint of a user may be 
25 utilized to identify the user. In this case, a fingerprint 
recognition apparatus installed in the automated transaction 
system performs the user authentication process by comparing 
an input fingerprint with pre-registered fingerprints. 

In the user authentication method using passwords, 
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wherein 4 -digit passwords are commonly used, passwords that 
users can remember are notorious for being easy to determine 
by clever intruders or hackers. Thus, the password becomes the 
weakest link in the security chain and such an authentication 
5 method does not provide a high level of security. 

In the user authentication method using fingerprints, a 
high degree of security can be ensured. However, the 
recognition rate of a fingerprint recognition apparatus may 
vary depending on the operating environment or the state of 
10 input fingerprints, which is a drawback to reliable user 
authentication . 

3 . DISCLOSURE OP INVENTION 

In view of the shortcomings of the prior art, it is an 
object of the present invention to provide a system and method 

15 for user authentication using infrared communication of a 
mobile terminal in which electronic signature data stored in 
the mobile terminal is provided to an automated transaction " 
system in a wireless manner so that the user may be identified. 
It is another object of the present invention to provide 

20 a system and method for user authentication using infrared 
communication of a mobile terminal in which user 
authentication is performed by infrared communication between 
the mobile terminal and an automated transaction system to 
transmit electronic signature data stored in the mobile 

25 terminal 

A system for user authentication using infrared 
communication of a mobile terminal in accordance with the 
present invention comprises a mobile terminal for generating 
electronic signature data for a user who requests a particular 
30 service in the form of an infrared signal with a view to 
performing a step of user authentication, automated 
information providing means for verifying the electronic 
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signature data provided by the mobile terminal and for 
allowing the requested service depending on the verification 
result, and certificate providing means for registering a 
certificate in response to a request for issuance of the 
5 certificate by the mobile terminal and for transmitting the 
certificate to the automated information providing means 
through a communication network with a view to verifying the 
validity of user authentication. 

A method for user authentication using infrared 
10 communication of a mobile terminal in accordance with the 
present invention comprises the steps of a first step, 
conducted by a user of a mobile terminal, of making a 'request 
for a particular service by automated information providing 
means, a second step, responsive to a request for electronic 
15 signature data from the automated information providing means, 
of transmitting electronic signature data created by the 
mobile terminal to the automated information providing means 
by way of infrared communication, a third step, conducted by 
the automated information providing means, of obtaining a 
20 certificate registered by the mobile terminal from certificate 
providing means through a communication network, a fourth step 
conducted by the automated information providing means, of 
performing user authentication by verifying the validity of 
the certificate and the electronic signature data, and a fifth 
25 step of allowing the requested service if the user 
authentication is successful. 

4. BRIEF DESCRIPTION OP DRAWINGS 

The accompanying drawings, which are included to provide 
a further understanding of the invention, illustrate the 
30 preferred embodiments of the invention, and together with the 
description, serve to explain the principles of the present 
invention. 
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In the drawings : 

FIG. 1 illustrates a block diagram of a telecommunication 
network for embodying the user authentication system using 
infrared communication of a mobile terminal in accordance with 
the invention; 

FIG. 2 illustrates the application structure for 
electronic signature of the mobile terminal shown in FIG. 1; 

FIG. 3 illustrates a detailed block diagram of the 
automated information providing apparatus shown in FIG. i, 

FIG. 4 illustrates the protocol for the infrared 
communication in accordance with the invention; and 

FIG. 5 is a flowchart illustrating the method for user 
authentication in accordance with the present invention. 
5. MODES FOR CARRYING OUT THE INVENTION 

In order that the invention may be fully understood, 
preferred embodiments thereof will now be described with 
reference to the accompanying drawings. 

FIG. 1 illustrates a block diagram of a telecommunication 
network for embodying the user authentication system using 
20 infrared communication of a mobile terminal in accordance with 
the invention. 

The user authentication system comprises a mobile 
terminal 10, a gateway 12, an authorization server 14, a 
directory server 16, and an automated information providing 
25 apparatus 18. 

The mobile terminal 10, which serves voice and data 
communication through a mobile communication network, connects 
to the authorization server 14 through the mobile 
communication network and the Internet, generates a pair of a 
30 private key and a public key based on a public key 

infrastructure (PKI) , receives an authorization certificate 
and electronic signature data based on the authorization 
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certificate from the authorization server 14. 

The mobile terminal 10 transmits the electronic signature 
data generated by the authorization server 14 to the automated 
information providing apparatus 18 through an infrared 
5 communication channel so that the authentication of the mobile 
terminal user may be performed. If the user authentication is 
successful, the user can get services from the automated 
information providing apparatus 18. 

As shown in FIG. 2, the mobile terminal 10 includes 
10 applications such as a security library 22, an authorization 
certificate storing unit 24, an authorization certificate 
issuance processing module 26, a security service module 28, 
an authorization certificate management module 30, and an 
electronic signature service module 32 on a platform 2 0 and 
15 also includes a wireless modem module 34 for bidirectional 

wireless communication with the wireless communication network 
through uplink and downlink and an infrared communication 
processing unit 36. 

The security library 22 of the mobile terminal 10 
20 provides information required for processing of security 

service with being linked to a security service program. The 
authorization certificate storing unit 24 stores certificate 
data for the mobile terminal user provided from the 
authorization server 14. 

The authorization certificate issuance processing module 
26 performs a task for letting the authorization server 14 
issuing an authorization certificate by generating a PKI-based 
cryptographic key pair including a private key and a public 
key. The security service module 2 8 performs a security 
30 service for processing of the authorization certificate 

issuance and for processing of the electronic signature. The 
authorization certificate management module 30 manages the 
authorization certificate received through the authorization 
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certificate issuance processing module 26. 

The electronic signature service module 32 performs an 
electronic signing service using the authorization certificate 
received from the authorization server 14 and the private key 
5 and transmits the electronic signature to the automated 
information providing apparatus 18 using the infrared 
communication. The electronic signature service module 32 also 
performs encryption/decryption of outgoing/ incoming data 
In conjunction with the electronic signature service 
10 module unit 32, the infrared communication processing unit 36 
converts the electronic signature data into an infrared signal 
and converts the infrared signal received from the automated 
information providing apparatus 18 into an electric signal 
The gateway 12 that exists between the mobile 
15 communication network and the Internet shown in FIG 1 
converts the communication signals from the mobile 
communication network into data packets according to the 
internet protocol and converts the data packets from the 
internet into a signal that can be received by the mobile 
20 terminal 10. 

The authorization server 14 that connects to the mobile 
terminal 10 through the Internet and the mobile communication 
network issues the authorisation certificate using the 
cryptographic pair of a private key and a public key generated 
25 by the mobile terminal 10 based on the PKI electronic 

signature and registers the authorization certificate at the 
directory server 16. 

The directory server 16 stores the authorization 

30 r tm r te iSSUEd ^ aUthOIi2atta — r « -d provides 

the authorization certificate in response to the request of 

the automated information providing apparatus 18 through the 
Internet . 

The automated information providing apparatus 18 is for 
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providing various services such as deposit/withdrawal of cash 
or issuance of documents without the aid of human operators 
The automated information providing apparatus 18 receives the 
electronic signature data from the mobile terminal 10 through 
5 the infrared communication channel and receives the 

authorization certificate of the mobile terminal 10, i e the 
l»L of the certificate, from the authorization server 14.' T „en 
the automated information providing apparatus 18 examines the 
validity of the authorization certificate based on the latest 
.0 CRL (certificate revocation list) , verifies the validity of 
the electronic signature using the certificate, and performs 
the user certification using the information included in the 
certificate. ^ 

As shown in FIG. 3, the automated information providing 
15 apparatus 18 includes a keypad 40, an infrared port 42 a 
communication signal converting module 44, an infrared' 
communication module 46, a control module 48, a security 
service library 52, a network interface adapter 54, and an 
information providing module 56. 

The keypad 40 of the automated information providing 
apparatus 18 contains a plurality of function keys for 
allowing authorized users to select a function. The infrared 
port 42, which is located in the front aide of the automated 
information providing apparatus 18, performs infrared 
25 communication with the infrared port of the mobile termina! 10 
The communication signal converting module 44 converts 
the infrared signal received from the infrared port 42 into an 
electric signal that can be processed by the control module 48 
and performs signal processing for transmitting the infrared 
30 signal from the infrared communication module 46 through the 
infrared port 42. 

The infrared communication module 46 performs an 

initialization task reoui-r^H «.v • ^ 

re< 3 ulre d for the infrared communication 
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between the infrared port 42 and the mobile terminal 10 and 
generates infrared signals to be transmitted to the mobile 
terminal 10. 

Receiving a service request from the information 
5 providing module 56 through user key input, the control module 
46 receives the authorization certificate from the 
authorization server 14 and examines the validity of the 
certificate based on the latest CRL (certificate revocation 
list) with a validation control program 50 executed. The 
10 control module 46, then, examines the validity of the 

electronic signature using the certificate, and performs the 
user certification using the information included in the 
certificate. 

If the user certification for the mobile terminal 10 
15 finishes successfully, the control module 46 activates the 
information providing module 56 so that the service requested 
by the mobile terminal user can be provided. 

The security service library 52, in conjunction with the 
validation control program executed by the control module 48, 
20 provides information required for validation of the electronic 
signature. The network interface adaptor 54 connects to the 
authorization server 14 through the Internet and exchanges 
data for the certification of the mobile terminal user. 

Activated by the control of the control module 48, the 
25 information providing module 56 provides various services such 
as deposit/withdrawal of cash or issuance of documents to the 



user. 



FIG. 4 illustrates the protocol for the infrared 
communication between the mobile terminal 10 and the automated 
30 information providing apparatus 18. The protocol comprises a 
Physical layer 60, IrLAP (Ir Link Access Protocol) 62, IrLMP 
dr Link Management Protocol) 64, tiny TP 66, IAS (Information 
Access Service) 68, IrLAN (Ir Local Area Networks) 70, OBEX 
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(Object Exchange Services) 72, and IrCOMM 74. 

The IrLAP 62 is a protocol for providing a reliable 
connection between each device. The IrLMP 64 is a protocol for 
performing multiplexing with a view to providing multiple 
5 channels for the connection of the IrLAP 62 . The tiny TP 66 is 
a protocol for flow control with the connection of the IrLMP 
64. The IAS 68 is for providing the protocol and service for 
the IrLMP 64. The IrLAN 70 is a protocol that supports 
wireless connection of the infrared communication under LAN 
10 environment. The OBEX 72 provides an object exchange service 
similar to HTTP. The IrCOMM 74 is for controlling serial or 
parallel ports used in printers or modems. 

The stack of the infrared protocol in accordance with the 
invention performs exchange of the electronic signature data 
15 for user certification between the mobile terminal 10 and the 
automated information providing apparatus 18 using the OBEX 72 
FIG. 5 is a flowchart illustrating a method and apparatus 
for user authentication in accordance with the present 
invention. 

20 if the user of the mobile terminal 10 operates the keypad 

4 0 of the automated information providing apparatus 18 to 
request a service (S10) , the control module 48 of the 
automated information providing apparatus 48 sets the infrared 
communication module 46 to a standby mode for receiving an 

25 infrared signal (Sll) . 

Based on the authorization certificate storing unit 24, 
the mobile terminal 10 performs an electronic signing task 
(S12) . With the mobile terminal 10 placed opposite the 
infrared port 42 of the automated information providing 
30 apparatus 18, the mobile terminal 10 and the automated 

information providing apparatus 18 perform initialization of 
the infrared communication (S13) . 

The control module 48 of the automated information 
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providing apparatus 18 transmits a message for requesting 
electronic signature data in the form of an infrared signal to 
the mobile terminal 10 through the infrared port 46 (S14) . 
Receiving the request, the mobile terminal 10 activates the 
5 electronic signature service module 32 to transmit the 

electronic signature data in the form of an infrared signal 
through the infrared communication processing unit 3 6 (S15) . 

The control module 48 of the automated information 
providing apparatus 18 receives the electronic signature data 
10 from the mobile terminal 10 by activating the validation 

control program 50 and refers to the directory server 16 for 
the certificate for the user of the mobile terminal 10 through 
the network interface adaptor 54 (S16) . 

In response to the request, the directory server 16 
15 provides the certificate for the mobile terminal user, which 
was issued and registered by the authorization server 14 (S17) 
and provides the latest CRL required for verifying the 
validity of the certificate (S18) . 

The control module 4 8 of the automated information 
20 providing apparatus 18 verifies the validity of the 

certificate based on the latest CRL, verifies the electronic 
signature data received from the mobile terminal 10, and 
performs user certification using the certificate (S19) . 
The automated information providing apparatus 18 
25 transmits the result of the validation of the electronic 

signature to the mobile terminal 10 in the form of an infrared 
signal (S20) and activates the information providing module 56 
so that the request of the mobile terminal user may be served. 
The method and apparatus for user authentication using 
30 infrared communication of a mobile terminal in accordance with 
the invention enhances the certification security and 
integrity of electronic signature by using infrared 
communication, thereby providing more secured services when 
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applied to various automated transaction machines. 

While the invention has been disclosed with respect to a 
limited number of embodiments, those skilled in the art, 
having the benefit of this disclosure, will appreciate 
5 numerous modifications and variations therefrom. It is 
intended that all such modifications and variations fall 
within the spirit and scope of the invention. 
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